Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
10web photo gallery vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2021-46889
The 10Web Photo Gallery plugin up to and including 1.5.69 for WordPress allows XSS via theme_id for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-31693.
10web Photo Gallery
9.8
CVSSv3
CVE-2021-24139
Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions prior to 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter.
10web Photo Gallery
1 Github repository
4.8
CVSSv3
CVE-2021-24310
The Photo Gallery by 10Web - Mobile-Friendly Image Gallery WordPress plugin prior to 1.5.67 did not properly sanitise the gallery title, allowing high privilege users to create one with XSS payload in it, which will be triggered when another user will view the gallery list or the...
10web Photo Gallery
7.2
CVSSv3
CVE-2017-12977
The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin prior to 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in admin/controllers/BWGControllerTags_bwg.php. It is exploitable by admi...
10web Photo Gallery
4.8
CVSSv3
CVE-2022-1394
The Photo Gallery by 10Web WordPress plugin prior to 1.6.4 does not properly validate and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed
10web Photo Gallery
9.8
CVSSv3
CVE-2022-1281
The Photo Gallery WordPress plugin up to and including 1.6.3 does not properly escape the $_POST['filter_tag'] parameter, which is appended to an SQL query, making SQL Injection attacks possible.
10web Photo Gallery
6.1
CVSSv3
CVE-2022-1282
The Photo Gallery by 10Web WordPress plugin prior to 1.6.3 does not properly sanitize the $_GET['image_url'] variable, which is reflected back to the users when executing the editimage_bwg AJAX action.
10web Photo Gallery
8.8
CVSSv3
CVE-2015-9380
The photo-gallery plugin prior to 1.2.42 for WordPress has CSRF.
10web Photo Gallery
6.1
CVSSv3
CVE-2019-16118
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin prior to 1.5.35 for WordPress exists via admin/controllers/Options.php.
10web Photo Gallery
1 EDB exploit
1 Github repository
4.9
CVSSv3
CVE-2021-24363
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin prior to 1.5.75 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images/SVG anywhere in the filesystem via a path traversal vector
10web Photo Gallery
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651
CVE-2024-34255
elevation of privilege
CVE-2024-25529
CVE-2024-4671
NULL pointer dereference
CVE-2024-25527
template injection
CVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »